Firewall
Dlink DRO-210i User Guide 47
Select Firewall
IDS Configuration to configure the IDS Configuration as explained
below.
IDS Configuration
Enable IDS Select Enable to activate the IDS.
Flood Attack Select Enable to activate all types of flood attacks available on this router
i.e. SYN flood attack, ICMP flood attack, ICMP Echo storm attack. In
these attacks, packets are flooded continuously on the target machine.
Ping of Death Select Enable to activate a form of DoS (denial of service) attack. This
attack consists of flood of large-sized ping requests designed to disrupt
the normal activity of a system.
Boink Attack Select Enable to activate the Boink attack. It involves the perpetrator
sending corrupt UDP packets to host.
Smurf Attack Select Enable to activate Smur f attack. This is named after its exploit
program and is the most recent network intrusions against hosts.
TCP SYN Attack Select Enable to activate TCP attacks like SYN/ACK attack, FIN attack
and RESET attack. These attacks exploit the three-way TCP handshaking.
Port scan Attack Select Enable to a ctivate the port scan attacks like Netbus scan, Back
orifice scan, Echo chargen scan, UDP echo scan, Chargen scan, IMAP
scan. All ports are scanned under this attack.
Land Attack Select Enable to activate the Land attack. In this attack the perpetrator
sends spoofed packet(s) with the SYN flag set to the victim's machine on
any open port that is listening. If the packet contains the same source and
destination IP address as the host, the victim's machine could hang or
reboot.
Winnuke Attack Select Enable to activate Denial of service attack. This attack sends OOB
data to an established connection on port 139 (NetBIOS), to any windows
user using 95/NT/3.x.
XMAS-Tree Attack Select Enable to activate the XMAS Tree attack. This attack uses the DoS
technique that sets all TCP header flags to ‘ON’ in an attempt to gain
information regarding a network.
Ascend kill Attack Select Enable to activate the A scend Kill attack. This attack makes the
remote Ascend router reboot by sending it a UDP packet containing
special data on port 9(discard).
After entering all the information press the Apply button. The attacks are logged on the
Intrusion Log. The IP address of the attacker is blacklisted to prevent any further attacks.
Note: To ensure the highest level of security in a network, it is recommended to
enable detection of all the attacks supported by the router.
Web UI